    gluon-ebtables-limit-arp
    ========================
    
    The *gluon-ebtables-limit-arp* package adds filters to limit the
    number of ARP requests client devices are allowed to send into the
    mesh.
    
    Each client device, identified by its MAC address, is limited to
    6 packets per minute, and each node is limited to 1 per second in total.
    A burst of up to 50 ARP requests is allowed before the rate limiting
    takes effect (see ``--limit-burst`` in ``ebtables(8)``).
    
    Furthermore, ARP requests for a target IP already present in the
    batman-adv DAT cache are excluded from rate limiting, with regard
    to both counting and filtering, as batman-adv will be able
    to respond locally without burdening the mesh. Therefore, this
    limiter should not affect popular target IP addresses, like those
    of gateways or nameservers.
    
    However, it mitigates the impact on the mesh when a larger range of
    its IPv4 subnet is being scanned, which would otherwise result in
    a significant amount of ARP chatter, even for unused IP addresses.
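
The effect of these limits on a subnet scan can be estimated with a small token-bucket model. This is an added example, not code from the package; the class and function names are hypothetical, and it assumes a request is checked against the per-client limit first and the node-wide limit second, with the DAT cache exemption applied before either.

```python
# Added illustration (not Gluon code): integer token-bucket model of the limits above.
# Assumption: a request must pass the per-client bucket first, then the node-wide one.
MS_PER_MIN = 60_000


class TokenBucket:
    def __init__(self, rate_per_min, burst):
        self.rate = rate_per_min              # credit gained per millisecond
        self.cap = burst * MS_PER_MIN         # full bucket = `burst` packets
        self.credit, self.last = self.cap, 0

    def allow(self, now_ms):
        # Refill for the elapsed time (capped), then spend one packet's worth.
        self.credit = min(self.cap, self.credit + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.credit < MS_PER_MIN:
            return False
        self.credit -= MS_PER_MIN
        return True


class ArpLimiter:
    def __init__(self, dat_cache):
        self.dat_cache = set(dat_cache)       # target IPs batman-adv can answer locally
        self.clients = {}                     # source MAC -> 6/min bucket, burst 50
        self.node = TokenBucket(60, 50)       # 1/s for the whole node, burst 50

    def forward(self, now_ms, src_mac, target_ip):
        if target_ip in self.dat_cache:
            return True                       # exempt: neither counted nor filtered
        client = self.clients.setdefault(src_mac, TokenBucket(6, 50))
        return client.allow(now_ms) and self.node.allow(now_ms)


def simulate_scan(limiter, src_mac, targets, interval_ms):
    """Return how many ARP requests of a sequential scan reach the mesh."""
    return sum(limiter.forward(i * interval_ms, src_mac, ip)
               for i, ip in enumerate(targets))


if __name__ == "__main__":
    # Constructed input: one client sweeps 10.0.0.1-254 at 10 requests/s;
    # only the gateway 10.0.0.1 is in the DAT cache.
    subnet = [f"10.0.0.{h}" for h in range(1, 255)]
    sent = simulate_scan(ArpLimiter({"10.0.0.1"}), "02:00:00:00:00:01", subnet, 100)
    print(f"{sent} of {len(subnet)} requests forwarded")
```

In this constructed sweep the burst of 50 is used up within the first five seconds, after which the scanning client gets one request through every ten seconds, while requests for the cached gateway address are never throttled.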